package com.cms.controller;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;

import com.cms.entity.User;
import com.cms.service.LoginService;
import com.cms.service.UserService;

/**
*@author:gang
*@version:
**/
@Controller
public class loginController {
	@RequestMapping("/login")
	public ModelAndView login(){
		ModelAndView mView = new ModelAndView();
		mView.setViewName("login");
		return mView;
	}
	

//	测试String直接接收前台数据
//	public void test(HttpServletRequest request,
//			HttpServletResponse response, String username, String password){
//		System.out.println(username);
//		System.out.println(password);
//		ModelAndView mView = new ModelAndView();
//		mView.setViewName("main");
//	}
	/*此处可能会有疑问，感觉shiro的realm完全没有用上，这个是因为我们将shiro交给spring容器控制了，看shiro的配置文件我们就可以发现adminRealm确实被使用了*/
	@Resource
	private UserService userService;
	@Resource
	private LoginService loginService;
	
	@RequestMapping("/logining")
	public ModelAndView logining(HttpServletRequest request,
			HttpServletResponse response, String name, String password) {
		ModelAndView mv = new ModelAndView();
		User user = userService.getUserByName(name);
		password = userService.getPasswordByUtil(user,password);
		UsernamePasswordToken token = new UsernamePasswordToken(name,
				password);
		// 记录该令牌
		token.setRememberMe(false);
		// subject权限对象 
		Subject subject = SecurityUtils.getSubject();
		System.out.println(subject.isAuthenticated());
		String exceptionClassName = (String) request
				.getAttribute("shiroLoginFailure");
		//判断是否已登录
		if (subject.isAuthenticated()){
			subject.logout();
		}
		try {
			// 提交申请，验证能不能通过，也回调reaml里的doGetAuthenticationInfo验证是否通过
			subject.login(token);
			System.out.println(exceptionClassName);
		} catch (UnknownAccountException ex) {// 用户名没有找到
			mv.addObject("msg", "用户未找到");
//			ex.printStackTrace();
		} catch (IncorrectCredentialsException ex) {// 用户名密码不匹配
			mv.addObject("msg", "密码不正确");
//			map.put("msg", "密码不正确");
//			ex.printStackTrace();
		} catch (AuthenticationException e) {// 其他的登录错误
			mv.addObject("msg", "其他错误");
//			e.printStackTrace();
		} catch (Exception e) {
			mv.addObject("msg", "登录异常");
//			e.printStackTrace();
		}
		
		// 验证是否成功登录的方法
		if (subject.isAuthenticated()) {
			mv.setViewName("main");
		}else{
//			mv.setViewName("redirect:/login.jsp");
			mv.setViewName("login"); //此处偷懒，一般是ajax请求，或重定向时将失败传回
			loginService.setSessionKey(request, user);
		}
//		return new ModelAndView("redirect:/login.jsp");
		return mv;
	}

	// 退出
	@RequestMapping("/logout")
	public void logout() {
		Subject subject = SecurityUtils.getSubject();
		subject.logout();
	}
	@RequestMapping("/register")
	public ModelAndView register(){
		ModelAndView regView = new ModelAndView();
		regView.setViewName("register");
		return regView;
	}
}
